Overview:
Snyk (pronounced sneak) is a developer security platform for securing code, dependencies, containers, and infrastructure as code.
Snyk tests for vulnerabilities in your own code, open-source dependencies, Container images, and Infrastructure as Code (IaC) configurations, and offers context, prioritization, and fixes.
Snyk reporting acts as a Bill of Materials (BOM) to quickly and easily identify which projects have a specific version of a dependency. Dependency reports identify each individual open-source dependency by name, along with version, vulnerabilities, and related projects.
Snyk uses CVSS framework version 3.1 to communicate the characteristics and severity of vulnerabilities.
Steps
At a high level, here are the steps you will need to complete to make the connection between ControlMap and Snyk.
1. Add a project to your Snyk account.
2. List out all vulnerabilities scanned by Snyk.
3. Obtain the API Token, Organization Id and Project Id from Snyk.
Step 1: Add a project to your Snyk account.
1. Log in to your Snyk account at https://app.snyk.io.
2. Go to the Projects tab.
3. Click the Add Project button at the top right of the screen.
4. Select the cloud repository location where your project is hosted.
5. After clicking a cloud repository provider, select the repository to be scanned (for example, if you clicked Bitbucket and selected a repository, the repository selection page appears).
6. Click Add selected repository at the top right of the screen.
Step 2: List out all vulnerabilities scanned by Snyk
- After completing Step 1, click the Projects tab. The Projects page appears.
- Expand the target repository and select the pom.xml file. The following page appears, listing each vulnerability with its SEVERITY level.
Step 3: Obtain the API Token, Organization Id and Project Id from Snyk
1. For the API Token:
a) Click the profile button at the top right of the screen.
b) Click Account settings. The following screen shows your API Token.
2. For the Organization Id:
a) Click Org settings on the menu bar.
b) The following page appears. Note down the Organization Id.
3. For the Project Id:
a) Go to the Projects tab. The Projects page appears.
b) Expand the target repository and select the pom.xml file.
c) Click Settings on the right side.
d) Note down the Project Id from here.
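As an added example (not part of ControlMap's or Snyk's documentation), the script below shows how the three values from Step 3 work together: the Organization Id and Project Id select the project on the Snyk v1 API aggregated-issues endpoint, and the API Token authenticates the call, after which the issues are counted per severity as on the page from Step 2. The endpoint and the issues[].issueData.severity response layout follow the Snyk v1 API documentation and are assumptions here; the sample response and the SNYK_* environment variable names are constructed for this example.

```python
import json
import os
from collections import Counter
from urllib import request

SNYK_API = "https://api.snyk.io/v1"  # v1 API base; aggregated-issues lives here

def build_issues_request(api_token, org_id, project_id):
    """Build the POST that lists one project's issues.

    The Organization Id and Project Id from Step 3 go in the URL; the API
    Token goes in the Authorization header as 'token <value>' (v1 format).
    """
    url = f"{SNYK_API}/org/{org_id}/project/{project_id}/aggregated-issues"
    headers = {"Authorization": f"token {api_token}",
               "Content-Type": "application/json"}
    body = json.dumps({"includeDescription": False}).encode()
    return request.Request(url, data=body, headers=headers, method="POST")

def summarize_by_severity(response):
    """Count issues per severity from an aggregated-issues response body.

    Reads issues[].issueData.severity, the layout described in the v1 API
    docs (an assumption here, not checked against a live account).
    """
    counts = Counter(i["issueData"]["severity"] for i in response.get("issues", []))
    return {s: counts.get(s, 0) for s in ("critical", "high", "medium", "low")}

# Constructed sample response shaped like a reply for a pom.xml project;
# the ids and package names are placeholders, not real Snyk data.
SAMPLE_RESPONSE = {"issues": [
    {"id": "EXAMPLE-1", "issueType": "vuln", "pkgName": "example-lib",
     "issueData": {"severity": "high", "cvssScore": 7.5}},
    {"id": "EXAMPLE-2", "issueType": "vuln", "pkgName": "example-lib",
     "issueData": {"severity": "medium", "cvssScore": 5.3}},
    {"id": "EXAMPLE-3", "issueType": "license", "pkgName": "other-lib",
     "issueData": {"severity": "high", "cvssScore": None}},
]}

if __name__ == "__main__":
    # The token is a secret: read it from the environment, never hard-code it.
    env = {k: os.environ.get(k) for k in ("SNYK_TOKEN", "SNYK_ORG_ID", "SNYK_PROJECT_ID")}
    if all(env.values()):
        req = build_issues_request(env["SNYK_TOKEN"], env["SNYK_ORG_ID"], env["SNYK_PROJECT_ID"])
        with request.urlopen(req) as resp:
            data = json.load(resp)
    else:
        data = SAMPLE_RESPONSE  # offline run against the constructed sample
    print(summarize_by_severity(data))
```

Set SNYK_TOKEN, SNYK_ORG_ID and SNYK_PROJECT_ID to query a live account; without them the script summarizes the embedded sample.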